CVE-2025-47154

LibJS in Ladybird before f5a6704 mishandles the freeing of the vector that arguments_list references, leading to a use-after-free, and allowing remote attackers to execute arbitrary code via a crafted .js file. NOTE: the GitHub README says "Ladybird is in a pre-alpha state, and only suitable for use by developers."

CVSS v3 9.0 CRITICAL

9.0^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/LadybirdBrowser/ladybird/commit/f5a670421954fc7130c3685b713c621b29516669
https://jessie.cafe/posts/pwning-ladybirds-libjs/
https://news.ycombinator.com/item?id=43852096
https://jessie.cafe/posts/pwning-ladybirds-libjs/

Configurations

No configuration.

History

02 May 2025, 13:53

Type	Values Removed	Values Added
Summary		(es) LibJS en Ladybird anterior a f5a6704 gestiona incorrectamente la liberación del vector al que hace referencia arguments_list, lo que provoca un use-after-free y permite a atacantes remotos ejecutar código arbitrario mediante un archivo .js manipulado. NOTA: El README de GitHub indica que «Ladybird se encuentra en estado pre-alfa y solo es apto para desarrolladores».

01 May 2025, 16:15

Type	Values Removed	Values Added
References	~~() https://jessie.cafe/posts/pwning-ladybirds-libjs/ -~~	() https://jessie.cafe/posts/pwning-ladybirds-libjs/ -

01 May 2025, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-01 08:15

Updated : 2025-05-02 13:53

NVD link : CVE-2025-47154

Mitre link : CVE-2025-47154

CVE.ORG link : CVE-2025-47154

JSON object : View

Products Affected

No product.

CWE

CWE-820

Missing Synchronization

9.0 /10